[
https://issues.apache.org/jira/browse/CLOUDSTACK-243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Demetrius Tsitrelis updated CLOUDSTACK-243:
-------------------------------------------
Labels: security (was: documentation security)
Description:
Reference: The JMX Monitoring and Management configuration options are listed
at http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html
The default option values are to allow local connections and, if a remote port
is later specified, to require password-based authentication and to enable SSL.
CloudStack starts Tomcat (see client/tomcatconf/tomcat6-ssl.conf.in) to enable
remote connections AND it explicitly disables all security on that connection:
javax.net.ssl.trustStore=/etc/cloud/management/cloudmanagementserver.keystore
javax.net.ssl.trustStorePassword=vmops.com
com.sun.management.jmxremote.port=45219
com.sun.management.jmxremote.authenticate=false
com.sun.management.jmxremote.ssl=false
Thus remote JMX connections are allowed to the management server without any
authentication. Further, SSL has also been disabled, so even if passwords were
permitted they would be transported unencrypted.
Disabling the default security leaves CloudStack vulnerable to attackers who
can use the JMX APIs/JConsole, etc. to monitor the system or make changes to it
through the various MBeans it exposes.
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N), score 5.8
was:
Tomcat on CloudStack management server is started with
"-Dcom.sun.management.jmxremote.port=45219
-Dcom.sun.management.jmxremote.authenticate=false" flag. As a result, the JMX
port is open without authentication.
Do we need the JMX port? If not, we should close it.
If we need it, we will want to add authentication. Ideally we should add it in
default installation. Or we should mention it in the document.
Summary: On management server, security for remote JMX connections is
disabled (was: Management Server starts with JMX port open and without
authentication)
> On management server, security for remote JMX connections is disabled
> ---------------------------------------------------------------------
>
> Key: CLOUDSTACK-243
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-243
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Install and Setup
> Affects Versions: 4.0.0
> Reporter: Clement Chen
> Labels: security
> Fix For: 4.1.0
>
>
> Reference: The JMX Monitoring and Management configuration options are listed
> at http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html
> The default option values are to allow local connections and, if a remote
> port is later specified, to require password-based authentication and to
> enable SSL.
> CloudStack starts Tomcat (see client/tomcatconf/tomcat6-ssl.conf.in) to
> enable remote connections AND it explicitly disables all security on that
> connection:
> javax.net.ssl.trustStore=/etc/cloud/management/cloudmanagementserver.keystore
> javax.net.ssl.trustStorePassword=vmops.com
> com.sun.management.jmxremote.port=45219
> com.sun.management.jmxremote.authenticate=false
> com.sun.management.jmxremote.ssl=false
> Thus remote JMX connections are allowed to the management server without any
> authentication. Further, SSL has also been disabled, so even if passwords
> were permitted they would be transported unencrypted.
> Disabling the default security leaves CloudStack vulnerable to attackers who
> can use the JMX APIs/JConsole, etc. to monitor the system or make changes to
> it through the various MBeans it exposes.
> CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N), score 5.8
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
